How to prohibit a Python module from calling other modules?

Prohibiting a Python module from calling other modules is achieved through sandboxing − creating a controlled execution environment. Python offers several approaches including RestrictedPython, runtime modifications, and operating system support.

What is Sandboxed Python?

A Sandboxed Python environment allows you to control module access, limit execution time, restrict network traffic, and constrain filesystem access to specific directories. This approach is also known as Restricted Execution.

Using RestrictedPython

RestrictedPython is a popular package that provides a defined subset of Python for executing untrusted code in a controlled environment ?

from RestrictedPython import compile_restricted

# Code that tries to import a module
restricted_code = """
import os
print("This won't work!")
"""

# Compile with restrictions
compiled = compile_restricted(restricted_code, '<string>', 'exec')
print("Compilation result:", compiled)

Compilation result: None

The compilation returns None because the import statement is restricted.

Creating a Custom Import Hook

You can create a custom import mechanism that blocks specific modules ?

import sys

class RestrictedImporter:
    def __init__(self, allowed_modules):
        self.allowed_modules = allowed_modules
        
    def find_spec(self, name, path, target=None):
        if name not in self.allowed_modules:
            raise ImportError(f"Module '{name}' is not allowed")
        return None

# Install the custom importer
allowed = ['math', 'json']
sys.meta_path.insert(0, RestrictedImporter(allowed))

try:
    import math  # This will work
    print("math module imported successfully")
except ImportError as e:
    print(f"Import error: {e}")

math module imported successfully

Using exec() with Restricted Globals

Control module access by providing limited built-in functions ?

# Create restricted environment
restricted_globals = {
    '__builtins__': {
        'print': print,
        'len': len,
        'range': range
    }
}

# Code without import access
safe_code = """
data = [1, 2, 3, 4, 5]
for i in range(len(data)):
    print(f"Item {i}: {data[i]}")
"""

exec(safe_code, restricted_globals)

Item 0: 1
Item 1: 2
Item 2: 3
Item 3: 4
Item 4: 5

Implementation Methods

Important Considerations

RestrictedPython is not a complete security sandbox but helps create a trusted environment for executing untrusted code. For production systems requiring high security, consider operating system-level sandboxing or container technologies.

You can explore more sandboxing techniques at: https://wiki.python.org/moin/SandboxedPython

Conclusion

Use RestrictedPython for basic module restrictions and custom import hooks for fine-grained control. For high-security applications, implement operating system-level sandboxing solutions.